This article includes instructions for collecting and converting your code signing certificate into a PFX file for signing. If you purchased your Code Signing certificate after May 14, 2023, you will not need to undergo any of these processes as the certificate will be delivered to you in its final form on physical hardware. This method will be deprecated on June 1, 2023.

Collecting Your Certificate

After validation is finished, the issuing Certificate Authority (CA) will send the certificate via email to the certificate requester. Follow the "pick-up" or "collection" link in the email and initiate the downloading process. After the collection process is completed, your browser should download the certificate file.

Now, to set up your certificate to sign code, you will need to combine the downloaded certificate file with your private key and the chain certificates from Sectigo to create the final certificate file. We have included a download link for the intermediate chain certificates below.

There are several tools you can use to combine your certificate, private key, and the intermediate certificate file.

Option 1: OpenSSL Command Line

If you used OpenSSL to create your certificate signing request (CSR), you should be able to create your final Code Signing certificate the same way. You can run the following commands to pair the certificate, chain certificate, and key and make your PKCS#12 Code Signing file:

Convert PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Make sure that "privateKey.key" is your private key, "certificate.crt" is the certificate downloaded from the browser, and "CACert.crt" is the intermediate certificate downloaded from Sectigo.

Option 2: SSLShopper Certificate Converter Tool

SSLShopper has a convenient certificate converter tool. You will need the following files:

  1. Your code signing certificate
  2. Your private key
  3. Sectigo's Code Signing intermediate certificate

If you downloaded your Code Signing Certificate from Chrome or Edge, you should have a file named "user.crt". This file may be a DER file. In order to use SSL Shopper's tool to make your Code Signing PFX, you must first convert the DER certificate file to PEM using the same tool. You can tell if the certificate is a DER file if you open it with Notepad and see something like this:

Use SSL Shopper's tool to first convert this file from DER to PEM.

After you have converted the certificate to PEM, you can now upload the new file, along with your private key and the intermediate certificates to complete the conversion to PFX/PKCS12.

Note: You will set the PFX password for the first time here.
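The DER check described under Option 2 and the Option 1 export can both be run locally with OpenSSL, so the private key never leaves your machine. The script below is an added example, not code from Sectigo or SSLShopper; the function names are hypothetical and the file names are the article's placeholders. It also confirms that the private key belongs to the certificate before building the PFX.

```shell
#!/bin/sh
# Added example: local checks around the article's "openssl pkcs12 -export" step.
# Function names are hypothetical; file names are the article's placeholders.

# Print PEM, DER or UNKNOWN for a certificate file.
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo PEM
    elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then
        echo DER
    else
        echo UNKNOWN
    fi
}

# Write a PEM copy of the certificate to $2, converting from DER if needed.
to_pem() {
    case "$(cert_format "$1")" in
        PEM) openssl x509 -in "$1" -out "$2" ;;
        DER) openssl x509 -inform DER -in "$1" -out "$2" ;;
        *)   echo "not a certificate: $1" >&2; return 1 ;;
    esac
}

# Succeed only if the private key's public half equals the one in the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_pfx CERT KEY CHAIN OUT [extra "openssl pkcs12" options]
make_pfx() {
    cert=$1 key=$2 chain=$3 out=$4
    shift 4
    pem=$(mktemp) || return 1
    to_pem "$cert" "$pem" || { rm -f "$pem"; return 1; }
    if ! key_matches_cert "$pem" "$key"; then
        echo "private key does not match certificate" >&2
        rm -f "$pem"; return 1
    fi
    ( umask 077   # the PFX contains the private key: create it owner-only
      openssl pkcs12 -export -out "$out" -inkey "$key" -in "$pem" -certfile "$chain" "$@" )
    rc=$?
    rm -f "$pem"
    return $rc
}

# Usage: make_pfx user.crt privateKey.key CACert.crt certificate.pfx
```

With no extra options, OpenSSL prompts for the export password, which becomes the PFX password.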

Other Utilities

If you used another utility, such as MMC or another certificate creation utility, you should be able to import your certificates into that utility to combine all necessary files and create the PKCS#12 for code signing. Please refer to the documentation for your certificate utility for instructions to import and convert your code signing certificate.

Code Signing Chain Certificate Download

  • Intermediate: [Download] Sectigo Public Code Signing CA R36
  • Root: [Download] SectigoPublicCodeSigningRootR46_AAA [Cross Signed]

Please reach out to our live support team if you need any assistance!